Mac OS X invulnerability to malware is a myth, says security firm

The Flashback malware scare is only the tip of the iceberg for Mac users, says …

Kaspersky Lab says Flashback infections have plummeted, but that doesn't mean other threats aren't on the horizon.

Image courtesy of Kaspersky Lab

Mac users can expect more OS X botnets, drive-by downloads, and mass malware from here on out. That's according to security researchers from Kaspersky Lab, who said during a press conference on Thursday morning that anti-malware software is now a necessity for Mac users, and that "Mac OS X invulnerability is a myth."

The firm acknowledged that malware for the Mac has existed for years but only recently started gaining more momentum thanks to a critical increase in Mac market share. In the case of Flashback (also known as Flashfake), the malware morphed from a socially engineered installation app to an attack that targeted an unpatched Java vulnerability. So far, it has been used to hijack search results—a technique often used in click fraud scams—but the attackers have the ability to employ the malware tactic of their choice on a machine at any time as long as it remains infected.

(It's worth noting that Kaspersky says the latest Flashback infection was spread via hijacked WordPress sites thanks to a vulnerability in the blog software. This means that trusted blogs visited by Mac users could have been used to spread the infection, debunking the myth that infections only happen by visiting shady websites or opening unidentified files.)

Kaspersky and other researchers still aren't sure exactly who's behind Flashback, but speculate that the perpetrators are only going after small financial gains given their behavior patterns. "The exploit distribution URLs that we are aware of have only targeted Mac users," says Kaspersky Lab analyst Kurt Baumgartner. "These factors limit the operational and technical needs of a financially motivated cybercrime gang."

The firm says the number of Flashback infections has plummeted to about 30,000 in recent days—a bit lower than Symantec's 140,000 estimate from Wednesday, and quite a bit lower than the almost 700,000 who were infected as of April 6. (See graph at the top of this post.) But 30,000 is still a fairly large number, and Kaspersky warns that Mac users can no longer rest easy on the belief that they are (or were ever) immune to these kinds of attacks.

The firm did acknowledge that Apple is moving toward a more controlled Mac ecosystem with the introduction of Gatekeeper in OS X 10.8 (Mountain Lion), expected to be released this summer. Using Gatekeeper, Mac users will be able to tightly control which sources apps can be installed from, theoretically making the platform safer from downloadable malware attacks—at least for less experienced users. But Kaspersky predicted we're going to see a "cat and mouse game" between Apple and attackers, and emphasized that conscientious Mac users should get on the antivirus software bandwagon before it's too late.

Apple did not immediately respond to requests for comment on Kaspersky's statements.